yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-08 10:09:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
5002 commits 88 branches 205 tags 69 MiB
Commit graph

5002 commits

This branch
This branch
All branches
Author SHA1 Message Date
Manuel Pégourié-Gonnard a566dc4d45 fixup previous commit: add forgotten file 2018-03-14 14:10:43 +01:00
Manuel Pégourié-Gonnard 74b8ae89c6 x509: CRL: add tests for non-critical extension 
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
 2018-03-14 12:48:04 +01:00
Manuel Pégourié-Gonnard 85f36ae0a1 x509: CRL: add tests for malformed extensions 
This covers all lines added in the previous commit. Coverage was tested using:

    make CFLAGS='--coverage -g3 -O0'
    (cd tests && ./test_suite_x509parse)
    make lcov
    firefox Coverage/index.html # then visual check

Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
 2018-03-14 12:48:03 +01:00
Manuel Pégourié-Gonnard b0661769ab x509: CRL: reject unsupported critical extensions 2018-03-14 09:28:24 +01:00
Gilles Peskine df6f3dd9b0 Merge remote-tracking branch 'upstream-restricted/pr/430' into mbedtls-2.1-restricted-proposed 2018-03-13 17:28:42 +01:00
Gilles Peskine 8c1217984b Merge remote-tracking branch 'upstream-restricted/pr/360' into mbedtls-2.1-restricted-proposed 
Conflicts:
* scripts/config.pl: reconciled parallel edits in a comment.
 2018-03-13 17:26:49 +01:00
Manuel Pégourié-Gonnard 503047f824 Fix 2.1-specific remaining MD/PK depend issues 
For library/certs.c the issue is resolved by aligning it with the version in
the 2.7 branch (which is currently the same as the version in the development
branch)
 2018-03-13 11:53:48 +01:00
Hanno Becker 41b6189ef7 Adapt ChangeLog 
Add note about fix of memory leak in RSA self test.
 2018-03-13 10:42:43 +00:00
Hanno Becker b81fcd00e6 Correct memory leak in RSA self test 
The RSA self test didn't free the RSA context on failure.
 2018-03-13 10:31:02 +00:00
Gilles Peskine 5e533f43ee Merge remote-tracking branch 'upstream-public/pr/1373' into mbedtls-2.1-proposed 2018-03-12 23:51:50 +01:00
Gilles Peskine 889de8eedb Merge branch 'pr_1276' into mbedtls-2.1-proposed 2018-03-12 23:51:01 +01:00
Gilles Peskine 681f5aacfe Align ChangeLog entry with 2.7 2018-03-12 23:50:18 +01:00
Gilles Peskine 8da4f864a5 Merge remote-tracking branch 'upstream-public/pr/1009' into mbedtls-2.1-proposed 2018-03-12 23:44:48 +01:00
Gilles Peskine 5913453168 Merge remote-tracking branch 'upstream-public/pr/1431' into mbedtls-2.1-proposed 2018-03-12 23:43:44 +01:00
Manuel Pégourié-Gonnard 62732b36fb Fix remaining issues found by depend-hashes 2018-03-12 15:52:55 +01:00
Manuel Pégourié-Gonnard 8326fb2e1f Fix remaining issues found by depend-pkalgs 2018-03-12 15:52:53 +01:00
Gilles Peskine adee19582e Merge branch 'pr_1409' into mbedtls-2.1-proposed 2018-03-11 00:52:36 +01:00
Gilles Peskine 857802afb3 Merge remote-tracking branch 'upstream-public/pr/1250' into mbedtls-2.1-proposed 2018-03-11 00:52:35 +01:00
Gilles Peskine d38464698e Merge remote-tracking branch 'upstream-public/pr/1295' into mbedtls-2.1-proposed 2018-03-11 00:52:35 +01:00
Gilles Peskine 0aacc9a96d Merge remote-tracking branch 'upstream-public/pr/1297' into mbedtls-2.1-proposed 2018-03-11 00:52:35 +01:00
Gilles Peskine 9a00ef3cf1 Merge branch 'pr_953' into HEAD 2018-03-11 00:52:24 +01:00
Gilles Peskine b1e6efd55d This fixes #664 2018-03-11 00:51:02 +01:00
Gilles Peskine 15967a8501 Fix grammar in ChangeLog entry 2018-03-11 00:15:56 +01:00
Gilles Peskine af18faca22 Merge remote-tracking branch 'upstream-public/pr/937' into mbedtls-2.1-proposed 2018-03-10 23:52:22 +01:00
Gilles Peskine fa839bee39 Show build modes in code font 
This clarifies that it's the string to type and not just some
description of it.
 2018-03-09 14:24:36 +01:00
Manuel Pégourié-Gonnard 1ac5dd43f0 Fix typos in previous commits 2018-03-09 14:20:41 +01:00
Manuel Pégourié-Gonnard 4b08022859 readme: clarify CFLAGS prepending/overriding 2018-03-09 14:20:36 +01:00
Manuel Pégourié-Gonnard c3342fa6d3 Improve cmake usage notes in Readme 2018-03-09 14:20:17 +01:00
Gilles Peskine ca4efdd0ad Refer to X.690 by number 
It's easier to identify and find by number than by its very wordy
title, especially as there was a typo in the title.
 2018-03-08 18:16:45 +01:00
Manuel Pégourié-Gonnard ac54cea7f9 x509: fix remaining unchecked call to mbedtls_md() 
The other two calls have been fixed already, fix that one too for consistency.
 2018-03-07 09:44:31 +01:00
Manuel Pégourié-Gonnard 19d77b6aa6 Clarify mutual references in comments 2018-03-07 09:44:28 +01:00
Manuel Pégourié-Gonnard b6d3e6d102 Fix some issues in comments 2018-03-06 10:35:15 +01:00
Manuel Pégourié-Gonnard f1985570a9 Fix order of sections in ChangeLog 2018-03-06 10:34:56 +01:00
Hanno Becker 89e7422a27 Add ChangeLog entry for previous security fix 
Fixes #825
 2018-03-05 13:46:10 +01:00
Hanno Becker dc8751d31e Fix bug in X.509 CRT verification code 2018-03-05 13:46:10 +01:00
Manuel Pégourié-Gonnard 52de8e01a0 Document choice of script exit code 2018-03-05 13:46:10 +01:00
Manuel Pégourié-Gonnard 78df7fcc8c Fix some comment typos 2018-03-05 13:46:08 +01:00
Gert van Dijk fb3946a7f9 Tests: depends-pkalgs.pl - disable less options 
Rather than disabling SSL & Key exchanges as a whole, only disable those
options required by reverse dependencies.

GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
See also discussion in PR #1074.
https://github.com/ARMmbed/mbedtls/pull/1074#issuecomment-327096303
 2018-03-05 13:45:37 +01:00
Gert van Dijk 8111a8507d Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug 
GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
 2018-03-05 13:45:36 +01:00
Manuel Pégourié-Gonnard dc8b7482e3 Fix test that didn't check full value of flags 2018-03-05 13:45:05 +01:00
Manuel Pégourié-Gonnard e9c44d2362 Improve some comments 2018-03-05 13:45:05 +01:00
Manuel Pégourié-Gonnard 3273955191 Unify name of default profile in X.509 tests 2018-03-05 13:45:05 +01:00
Manuel Pégourié-Gonnard 8f29107430 Add missing dependency in test-certs Makefile 2018-03-05 13:45:05 +01:00
Manuel Pégourié-Gonnard b119d40fa9 Improve some comments, fix some typos 2018-03-05 13:45:05 +01:00
Manuel Pégourié-Gonnard 3f0f972ac5 Fix some whitespace 2018-03-05 13:45:05 +01:00
Manuel Pégourié-Gonnard 0eb6315b6d Make some perl scripts usable with git bisect run 
For that they need to return between 0 and 124 on error, while die returns
255, causing bisect-run to abort.
 2018-03-05 13:45:04 +01:00
Manuel Pégourié-Gonnard afbbcf849c Add comments on chain verification cases 
This is the beginning of a series of commits refactoring the chain
building/verification functions in order to:
- make it simpler to understand and work with
- prepare integration of restartable ECC
 2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard aa86a61181 Add test for callback and bad signatures 
Our current behaviour is a bit inconsistent here:
- when the bad signature is made by a trusted CA, we stop here and don't
  include the trusted CA in the chain (don't call vrfy on it)
- otherwise, we just add NOT_TRUSTED to the flags but keep building the chain
  and call vrfy on the upper certs
 2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard 7e00e1c26b Add test for bad name and callback 
This ensures that the callback can actually clear that flag, and that it is
seen by the callback at the right level. This flag is not set at the same
place than others, and this difference will get bigger in the upcoming
refactor, so let's ensure we don't break anything here.
 2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard 93d828cc83 Add test for same CA with different keys 
When a trusted CA is rolling its root keys, it could happen that for some
users the list of trusted roots contains two versions of the same CA with the
same name but different keys. Currently this is supported but wasn't tested.

Note: the intermediate file test-ca-alt.csr is commited on purpose, as not
commiting intermediate files causes make to regenerate files that we don't
want it to touch.
 2018-03-05 13:44:22 +01:00